{"report_id":"fb0aa969-21f2-487b-92fa-80a4f64bc2fa","version":6,"status":"done","tags":[],"date":"2026-02-24T14:02:34Z","url":{"schema":"http","addr":"waves.lat","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":0,"asn":0,"as":"","country":"Austria","country_code":"AT"},"final":{"url":{"schema":"https","addr":"waves.lat/","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"title":"Coursera | Courses, Professional Certificates, and Degrees Online","dom":{"size":100185,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"a40055ed41d64a6f3449e63355bf35cd","sha1":"7cafd7771199d1172b9b17e86da65f54a6a4931a","sha256":"297d3e19a65317d45dfc52e5ec919d6c696f656c7a79c76cfa04152284ba739e","sha512":"7e9eec4f4a3cc0f54befa54e231b2a5fbb6f915f67aa49ce920af23c9659f291b0d0f7ba6c0cc69dcc388a9238faa1261dc113b4953028f0ec435e38196f15fc","ssdeep":"768:5juWuAThgZujuruBuhKCZoMCLsVPal7IUE:XglKCZoMCLsVPal7fE","tlshash":"b1a38dbe35b102806b27c66c83dede59163cf167041bdc9ab2d2048a9f8bedc97d5247","dom_hash":"domhash97d1de2bae1e02392571ae1564d61d6a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"waves.lat","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":0,"asn":0,"as":"","country":"Austria","country_code":"AT"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-31T14:02:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":26}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-02-24","alert":"Hunting_JS_WebAssembly","trigger":"waves.lat/b?id=2","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"openairtowhardworking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"protrafficinspector.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-creative1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2026-02-18T21:59:50.874706Z","alert_count":2,"request_count":1,"received_data":2252,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"waves.lat","ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"domain_registered":"2025-06-08","domain_rank":0,"first_seen":"2026-02-24T14:02:36.556254Z","last_seen":"2026-02-24T14:02:36.556254Z","alert_count":14,"request_count":13,"received_data":1060871,"sent_data":6235,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2026-02-18T22:23:39.039831Z","alert_count":1,"request_count":1,"received_data":2192,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2026-02-20T02:42:08.582199Z","alert_count":3,"request_count":1,"received_data":519,"sent_data":492,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2026-02-21T22:42:41.82197Z","alert_count":12,"request_count":4,"received_data":8485,"sent_data":4224,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2026-02-18T20:22:34.377687Z","alert_count":36,"request_count":12,"received_data":588807,"sent_data":5564,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2026-02-19T05:26:36.784926Z","alert_count":9,"request_count":3,"received_data":257868,"sent_data":1221,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2026-02-18T21:06:36.836602Z","alert_count":48,"request_count":12,"received_data":12743,"sent_data":9875,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-02-22T22:20:46.526035Z","alert_count":0,"request_count":1,"received_data":458058,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-22T22:14:59.650342Z","alert_count":0,"request_count":4,"received_data":172422,"sent_data":2118,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-22T22:18:02.864626Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2026-02-19T11:20:11.310365Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"openairtowhardworking.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2026-01-06","domain_rank":0,"first_seen":"2026-02-11T06:53:34.506613Z","last_seen":"2026-02-19T13:39:51.654227Z","alert_count":3,"request_count":3,"received_data":294743,"sent_data":1356,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"63.176.181.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2026-02-18T19:03:09.950858Z","alert_count":3,"request_count":3,"received_data":1254,"sent_data":1302,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WGJ2192JZY","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c52e9a33d55449fd2e7e70d0fad200a9","sha1":"82e309b8e40ee5ecb6cd59ebfdfcf10c0725c6c3","sha256":"393919353a57dbdcbca8e265675e3408ac0340b02141e9a69635457ed57c0ac5","sha512":"8f23161930a57564f3ab6c0bba75f5c1e39926763b56915ad328e9b379478a904760557076f138d0ddc439d48a7cdb6c838a3744ef70129493f2f4d4337cbbc2","ssdeep":"6144:NfXmO7CW6yS73J5wYygLIR8Nyk7pNH08pddlmOrELkS5fenMcm0v:NLuW6yS7ADEIR855VrEff3E","tlshash":"62a41ace73d670269396f478503f018ba57b25a2b44dc89af189cce42d74a9a4237f7c","size":457454,"data":"","first_seen":"2026-02-24T14:02:40.199611Z","last_seen":"2026-02-24T14:02:40.199611Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/ae/d0/76/aed076d8107ca5d3c26d23543900a3c4.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c34d41054097d7937b9b6d9d4430286a","sha1":"27cfd4467d0c267b1acbed5732d792dbf6a2b41e","sha256":"630d355fa7c30361f9b55955b1dd100615e56449b8aba152dbd61fe4a6d1bc44","sha512":"be472dcb69a56fca766bec720a82b79750bb95a6c22f2817277d7eca251bb3f195a19eaeeb048c97b8f8984e0c32c634695d6d4f35f9bfcb69d08a1cbbbdc76c","ssdeep":"1536:2swV1G3GB7i2tDV62GWcGQ0WYmQI196wr/PsZX7EMh3uwq5r7hukjKr:rwf7XE6wrX0XwMh3uwq5r7BC","tlshash":"c2b3e98c3f50f1dd02a27033153f680af0299e9220cde5a8e247f5957ab979ae43df65","size":107706,"data":"","first_seen":"2026-02-24T14:02:40.188235Z","last_seen":"2026-02-24T14:02:40.188235Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"3eefa71f5d3bfa927ec4e2dd8620c4ff","sha1":"e1fd2bb018f83f37a2b3a9c7c98ccb6216c63ec3","sha256":"48676214f2453a24863b89a371e6bf788d1d094cb918ef2ba10e6d7a96ad70ce","sha512":"6e860a10899e94d03f6cefeb636e37d8da15c8a4630877d8cf3d6f18966514f8c99d3b5df9f6c2804f909076e1b4cdad51da7db26d2572d8fb97a27b9e701163","ssdeep":"","tlshash":"a301e9d910e013256227d5b853a7338db9783144c2093a1d700c56826eb07ae16aee9e","size":821,"data":"","first_seen":"2026-02-15T10:35:40.991025Z","last_seen":"2026-02-24T14:02:40.235425Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-06T08:49:17.860512Z","times_seen":127027,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=3","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"scriptElement","is_inline":false,"md5":"db615a5aac1ffb3ccc40ed26d4ab2cda","sha1":"38341ef1f573a5093330c4abfbd4981729c15c09","sha256":"fbd8ff1aed4de28f3a7ded5300d931471b843ee80d7f22190546d0551412fe8c","sha512":"6c9cc363466cff249dab3a5c6f6f5e12db1e7b6558b77cdec1db20e766304e9438435f940b536281c519a332b2584db9b99bb046b26fd5366385c50839d30982","ssdeep":"3072:dGai+ybk0hSLFfBrPGWYPEonYSzpfhIcSDYCLlmL4QBJKedAyV76EVPwcalyoan7:dtICJ4FnYS14QBJB1tVPrmDighmh0Ex","tlshash":"64745b393141742b9696c097506f0332a9b546a8b40f492dbf70e7eb78a4d8b107bbf7","size":354897,"data":"","first_seen":"2025-08-28T11:14:56.370122Z","last_seen":"2026-03-11T13:07:32.821597Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"scriptElement","is_inline":true,"md5":"884e795555c99f00a8853013ca9582e6","sha1":"6bd7579d6167079eb08de4082aae64d9f7b0fa27","sha256":"725e208d4f3a684a066d435286f9d30ba4cbb299ba3833733652b9b2748d57a3","sha512":"0a7b33a7b5ce68994e43f7cda765a9b3d937af66c309d5d426d1984c4c556b3efdaac64060be07cccd48008436dad415b23b80dc27a255a9b0055614a5e6a2ce","ssdeep":"","tlshash":"3fc08c88220b0c7190ab3a498f3fb501b016222250a09832390e63048f31e179748804","size":183,"data":"","first_seen":"2026-02-15T10:35:40.992342Z","last_seen":"2026-03-11T13:07:32.831038Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/9d/5d/7e/9d5d7e8864b7a6d89223a8dacb1b9fd8.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3447a2290a96a5c820230152f4560f54","sha1":"d946598097c376457f4d6053340c450b09478f38","sha256":"9d77b6c04a042f72ba4a98afdc5544bfb01271e268a5424624adf64aad79bff0","sha512":"6fd40209b09ca7dbcfa1a797d5604e07622b5e4d2fb9f09ade275e81df426449eaf7d35a21cc7c7ccd498e698d336794400d11b809db4ad8d2c5fca6d5dfb235","ssdeep":"1536:bEt9tilKqAGQDSAiLoHL0cTIgV2BOPsuUd7s/KwR1UwurV4aYLuvGgIo5+phrtXj:bJlKTGQDSAiLoHQcTIgV2BGsuUd7s/Km","tlshash":"8093d84c3f82b0d41397707b762f902bf23b5c955868e88de243adac5da9719a337e05","size":92208,"data":"","first_seen":"2026-02-24T14:02:40.217569Z","last_seen":"2026-02-24T14:02:40.217569Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/a1/37/68/a1376848d2be9154b24a145e7a3a8df6.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"13b95764b901df80f16dc42e4a4347e9","sha1":"334a343fa8713abf6c8280ea87894abc189772d9","sha256":"d7c878e99ca2293f5883e9db288a757382299e20ec615aebbca97d5ff7c6d3ad","sha512":"da1e314bb09a9ea22436037e60ae4f1635f52181df81c47dbd47e867b7b824c564aa0f49030adf71a43a93f0f102684867491c474b5051b9b98851f3ea0226ce","ssdeep":"1536:bEy9oiLKqAGQDSAiLoHL0cTIgV2BOPsuUd7s/KwR1iwurV4aYLuvGgIo5+phrtXV:bNLKTGQDSAiLoHQcTIgV2BGsuUd7s/KC","tlshash":"2593d84c3f82b0d41397707b762f902bf23b5c955868d88de243adac5da9719a337e05","size":92276,"data":"","first_seen":"2026-02-24T14:02:40.223953Z","last_seen":"2026-02-24T14:02:40.223953Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89492,"data":"","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-05T13:23:52.248793Z","times_seen":6520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=4","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"scriptElement","is_inline":false,"md5":"17a6aedffdf53c8aac38a1b68b69701b","sha1":"fc62e3b2b1c2805da881e720f576686862dcc8c5","sha256":"994dae5c6da0b8a28f7e45577ed9624abdfac2e5849738b66742f8b2b92f880f","sha512":"196e23cc05c84316574b108b7afc55226416d1310f9b533c7dec8fd0c757bd41bc18a3eda8917c1f7fa4845eb8d365d4be23739ea268781067aad5a65f04a53c","ssdeep":"","tlshash":"b7d02ece0eee1e801bc0c2c3e0af44184faa16420e3dc0580e24ab280f00abc322101c","size":267,"data":"","first_seen":"2025-08-28T11:14:56.317304Z","last_seen":"2026-03-11T13:07:32.795698Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=1","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6fb6efaada06db33826110942794112","sha1":"f6687e452c4258d3485ba1757ffd97dd669859f1","sha256":"1d56021f65ac6caf0e92b9c46d00f9a9045722766304fc6432f7927ced8a2c82","sha512":"aa60231d0276710aec2ce50b8e9f30fd9b112514cabd5146f9d84f8305c0360cd3ff234ef20e66937a6e153748d4dd83afc772b6ad8114d839f7f742fdde64d5","ssdeep":"192:Z4FBMoJDWTnqfyW8d76vR5UOy43oaxAkPccYLiMYeFOlYAKnY3M:Z4FBhDWTOy6vfUOy44occYuMYeFOlYAe","tlshash":"b902d7d0b0b524bec7a661d174d93201b265b1b4b714c0b4f73c2eff39da496a60af28","size":8589,"data":"","first_seen":"2025-12-01T00:51:41.584499Z","last_seen":"2026-04-05T12:24:04.110154Z","times_seen":357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e2676e3e82014e81b8bf036d0c0c4c7","sha1":"1a8694e54b39d11b13a34d5911cef38e19f68f6a","sha256":"461ad6bcd59f36874f5f1c8a52924f2d7750c767fdaeacb1738a86f78c07b2c1","sha512":"3420f75d918957b926eb0285a8fbe9d063526b7056ecc8bce7af7f51d4aef975777d96d67391065f1b80c2a0c543d87f6c39801200fc8c83457e56e7aed12f3a","ssdeep":"","tlshash":"1ff0f93932344372bf5fe2e49296e6cf1274224e810b8205707403d53eb56ea4bd2699","size":612,"data":"","first_seen":"2026-02-18T03:13:48.666735Z","last_seen":"2026-02-24T14:02:40.239102Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=2","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"introduction_type":"scriptElement","is_inline":false,"md5":"04fd569909f2b8ba9367768471dc6cc6","sha1":"bd0b68a1e6b5c38aeafddf18ea7b90660452195c","sha256":"00f2a68ebe2f158b9cafdb730375aac2314c36fe5f3e460c2b1ea05b9a939085","sha512":"55d78067b9e5c87e3ff43c760394e96e808a5b985be172cc0fe3f8927a07033cae95a4083fcdf1097192eff411c310d46bdad0f59c42440f041dead84c91aab3","ssdeep":"3072:jMLiQ4xjpYsYC//iRaN9gGX5+MpC+ybk0BR321+20DDTG:jMLVsmRaTohm1+LLG","tlshash":"2e045c973aa1b83387db529d80a71601b23d11786049807cf5bcd8ea5bb4a4f527ff39","size":179847,"data":"","first_seen":"2025-12-07T18:17:56.151781Z","last_seen":"2026-03-07T05:05:53.044107Z","times_seen":11,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-02-24","alert":"Hunting_JS_WebAssembly","trigger":"waves.lat/b?id=2","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbs?c=1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=62682266-af76-415a-9150-2edbba088488:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27484197=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":652,"timings":{"blocked":278,"dns":1,"connect":91,"send":0,"wait":94,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/img/number.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/img/number.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 1138\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:22 GMT\r\npriority: u=4,i=?0\r\netag: \"68c0129e-472\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 309385\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ij9Dwp03jfdLrcUiQR%2FW%2Bjzr3Xvjp22qoiXKGqhs8HomQLP7%2Fj8PSiT%2FeJl1iJtgVTUDA0zgIDZAsRyCuP9F7sTgA9gHik0RMtpNN5vQeQM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d2f7fe71badd9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced","md5":"9e4414e85c588bf7db195e49c02ab2bb","sha1":"09254e79b255f1b2dfe45adbbe44583a4b433782","sha256":"0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762","sha512":"07925dc4d8f6cc1b9b89d26f2c3a6aa3175279719a0999fd837a20e8b12f443eb521e23b3212227ac1b6dfa2ecfcdd94b7494dd67d9d8b046efdddd185bb9bfc","ssdeep":"","tlshash":"a121f90aeca21be0d7888f0214dc135095da07447f8e280a37b6aa599e1070614451fb","first_seen":"2023-04-09T12:43:14Z","last_seen":"2026-04-06T07:35:43.545561Z","times_seen":2435,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/ae/d0/76/aed076d8107ca5d3c26d23543900a3c4.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"openairtowhardworking.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 08:11:56 GMT","end":"Mon, 06 Apr 2026 08:11:55 GMT"},"fingerprint":{"sha1":"34:8B:F0:07:AD:C3:A7:8F:73:96:A0:68:4C:83:08:02:28:98:45:D6","sha256":"AE:72:A7:43:41:3D:30:CE:CD:96:7E:F8:EC:18:6F:BD:88:9E:40:49:1D:84:4A:17:A1:35:35:2E:7F:16:D2:5A"}}},"request":{"raw":"GET /ae/d0/76/aed076d8107ca5d3c26d23543900a3c4.js HTTP/1.1\r\nHost: openairtowhardworking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38914\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: openairtowhardworking.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f4a0cbe3f322dd4e5cef73f22a563b6c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c34d41054097d7937b9b6d9d4430286a","sha1":"27cfd4467d0c267b1acbed5732d792dbf6a2b41e","sha256":"630d355fa7c30361f9b55955b1dd100615e56449b8aba152dbd61fe4a6d1bc44","sha512":"be472dcb69a56fca766bec720a82b79750bb95a6c22f2817277d7eca251bb3f195a19eaeeb048c97b8f8984e0c32c634695d6d4f35f9bfcb69d08a1cbbbdc76c","ssdeep":"1536:2swV1G3GB7i2tDV62GWcGQ0WYmQI196wr/PsZX7EMh3uwq5r7hukjKr:rwf7XE6wrX0XwMh3uwq5r7BC","tlshash":"c2b3e98c3f50f1dd02a27033153f680af0299e9220cde5a8e247f5957ab979ae43df65","first_seen":"2026-02-24T14:02:40.188235Z","last_seen":"2026-02-24T14:02:40.188235Z","times_seen":1,"resource_available":true,"data":null}},"time_used":851,"timings":{"blocked":321,"dns":58,"connect":94,"send":0,"wait":97,"receive":93,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"openairtowhardworking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"63.176.181.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statistics.it.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 18 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"FF:73:E7:93:27:CB:4F:C3:84:85:D5:0E:06:52:E6:94:2D:2B:A5:C6","sha256":"09:27:72:13:57:CD:B4:25:3A:BE:58:AD:CC:13:D2:7D:D4:D4:F6:12:80:69:D9:B9:38:71:43:36:A9:56:FE:70"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://waves.lat\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=62682266-af76-415a-9150-2edbba088488:2:1; expires=Fri, 22 Feb 2036 14:02:13 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"bcb9d541e628eb361bfeb835e55606bb","sha1":"49e53faa2e16b0b533a6b3f91ad50e691ebcac22","sha256":"d1869dddb29c311a5c92f35dc8ac47e0b9d7d934b143f1fd5e956525ea8703a3","sha512":"7900afe3e6a897b1ecceaba52c1438cf86cbb2993e0fba0104ae6d1556e6c356eb454a52d955492632b1031223b391b09f65f2a1502956a16de3ba2074e73991","ssdeep":"","tlshash":"989004570715c35d177d54c534f057d457c53001015113515571d37dc0530c4100c751","first_seen":"2026-02-24T14:02:40.191337Z","last_seen":"2026-02-24T14:02:40.191337Z","times_seen":1,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":156,"dns":14,"connect":26,"send":0,"wait":21,"receive":0,"ssl":120},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"protrafficinspector.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/other/adzilla/circle/2-1/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Feb 2026 22:39:28 GMT","end":"Mon, 04 May 2026 23:38:03 GMT"},"fingerprint":{"sha1":"DE:44:B7:F9:65:9F:D2:6E:27:46:3E:12:7A:23:24:E9:D7:2B:16:7E","sha256":"E1:09:99:E2:19:59:48:E0:83:95:4C:4F:63:09:68:08:82:8E:16:17:8D:20:09:B6:93:1D:B5:84:B7:46:68:C1"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:14 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:17 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y5Zzyjf6dzXimcffxAAvKliWUH1OK6xY7z4Xw32n0doHTCS5XNAuBLPO4Z7ATQ2uM8DgsR4AkNGL3ihXsSkWZlStPWVQsCfBG7HnqKT3EA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe2bf4b349b-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1510,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a84c0ab31bbe30b9632b53e0de22a2ff","sha1":"4583dfb36fb3dabc5cd327203bac5a88232266e6","sha256":"f2d423a37133dfd825b576372b7afc01b4a9d0a54607abf433d2d90d126425d4","sha512":"306b6f9a9437f3295d90e45a1334537270d9680a67e34cc6a4e34f9c138d1f01ec35a90e6545d44d1a7ef7ad8ee6da1407379bce67f1d043d7206d0ca5076d18","ssdeep":"","tlshash":"0e318f771cfdd8a720c251537b312f9ae9c6e503490a29147bfd05684b86eb1c91368a","first_seen":"2025-09-14T23:01:21.762606Z","last_seen":"2026-03-31T06:41:18.84556Z","times_seen":122,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":38,"dns":1,"connect":8,"send":0,"wait":111,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:25 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 85854\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=stzKhm%2BDXSHT8O2XEICE3fTZct9xKXS%2FhkprbSQwVe2rqmuMLETX0OY%2FpLkJQO%2Ff19LhgSGoror3GbG0%2FIzGEvI8CEcAdbXGZxgHoUzFY3U%3D\"}]}\r\netag: W/\"68c012a1-23d\"\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe55f45d9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":573,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"4ad866325b0ec91a23c6b079439dd3aa","sha1":"047474923b9d0514e84fedd7a26aaafd415e66af","sha256":"b5d4dc4d9b998f7f2a11ade797f3966a4e909e9f3115f863513951d4f1fd1794","sha512":"0e7f9c14ad8485aec8405c48d4331586338b749bb4e1e637f88e619c6747716b568994122f0a429c18abc5cf5faff46eed0b0ca0dc23413465edb212fde20de1","ssdeep":"","tlshash":"1bf0422465a402348377d0b661ff6b4f3674661ad1070b0e741c15970fe16f932c6d4b","first_seen":"2025-09-13T01:43:14.203096Z","last_seen":"2026-04-03T18:56:21.878468Z","times_seen":217,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3116927e8332043ae35105d76495f1dc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":18,"send":0,"wait":29,"receive":18,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4WBwyqW%2FDuHdFbuF9N3w55HeAxfse701Eux5WExsjRpOScaHeJ5f%2FjtOjyRbG%2FhGeIph5PA31nTG4EMhyHTYgsa9eV02YMEaeJtZ0KckX1I%3D\"}]}\r\nage: 69364\r\ncf-cache-status: HIT\r\netag: W/\"68c00da6-18d\"\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe40d94f3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":397,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"999af189e50c58f1a44d672e4b3d5a3f","sha1":"a69c7a4d68885a14d01d33c26d136b95b42313d6","sha256":"28ec866098b037343646399a597ae93e16b11b66f90426ffb5cf743a3c41e38f","sha512":"c529c76b23058a6d81c9ab4a61460669f1a8175b35428a5be422eb933ba4d34820cf3c9eafdad1cd132d699bac6966414c0f27d561393b520eaa55cd679521ab","ssdeep":"","tlshash":"ede02b3861685234c7b7d1a2628f679f2630425fd00a425e702c174f0ee1fa612c1dab","first_seen":"2023-05-07T17:52:21Z","last_seen":"2026-04-06T05:05:16.307207Z","times_seen":427,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":21,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/!!/https://fonts.googleapis.com/css2?family=Lexend:wght@100..900\u0026display=swap","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /!!/https://fonts.googleapis.com/css2?family=Lexend:wght@100..900\u0026display=swap HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-encoding: gzip\r\nreferrer-policy: no-referrer\r\nx-content-type-options: nosniff\r\ncross-origin-resource-policy: cross-origin\r\ncontent-type: text/css; charset=utf-8\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nexpires: Tue, 24 Feb 2026 13:58:20 GMT\r\nserver: Caddy, ESF\r\ndate: Tue, 24 Feb 2026 13:58:20 GMT\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nx-frame-options: ALLOWALL\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding, origin, access-control-request-method, access-control-request-headers, Accept-Encoding\r\nlast-modified: Tue, 24 Feb 2026 12:40:38 GMT\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-xss-protection: 1; mode=block, 0\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, private, max-age=86400, stale-while-revalidate=604800\r\ntiming-allow-origin: *\r\nx-cache: HIT\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1233,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3ae34e89afaafc9f27809ecfd1b802f2","sha1":"b81ee50f42935bbcd67c1672afd8a926437a81ae","sha256":"ce61bf2e8f99293b2786af86b919da39f912f770977fcff938a4303e0200f93b","sha512":"1b236546aabb6b7303e3ebf06ba0a839d173459f0adb4f517fa4fa41d9d6cb4cd2419d4eadfee681e7040be080ef6037872e7330cd35d02c5d0605419728e63a","ssdeep":"","tlshash":"0521ac91086ba200db570cc12ace7d36ad4f6162b040d5786ffd1dcced9ac212315b0d","first_seen":"2025-09-10T21:43:59.116074Z","last_seen":"2026-04-06T05:31:43.634662Z","times_seen":714,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-WGJ2192JZY","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:20 GMT","end":"Mon, 20 Apr 2026 08:39:19 GMT"},"fingerprint":{"sha1":"60:64:B6:72:E4:67:A4:EC:78:B2:F2:B8:3E:17:7A:A6:A8:CE:74:4C","sha256":"3E:71:C0:44:31:9B:1A:8A:23:FF:D9:4F:B9:3F:89:6D:7C:66:33:BE:14:26:CB:01:F2:79:BB:FE:F3:3A:71:98"}}},"request":{"raw":"GET /gtag/js?id=G-WGJ2192JZY HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\nexpires: Tue, 24 Feb 2026 14:02:13 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 150994\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":457454,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"c52e9a33d55449fd2e7e70d0fad200a9","sha1":"82e309b8e40ee5ecb6cd59ebfdfcf10c0725c6c3","sha256":"393919353a57dbdcbca8e265675e3408ac0340b02141e9a69635457ed57c0ac5","sha512":"8f23161930a57564f3ab6c0bba75f5c1e39926763b56915ad328e9b379478a904760557076f138d0ddc439d48a7cdb6c838a3744ef70129493f2f4d4337cbbc2","ssdeep":"6144:NfXmO7CW6yS73J5wYygLIR8Nyk7pNH08pddlmOrELkS5fenMcm0v:NLuW6yS7ADEIR855VrEff3E","tlshash":"62a41ace73d670269396f478503f018ba57b25a2b44dc89af189cce42d74a9a4237f7c","first_seen":"2026-02-24T14:02:40.199611Z","last_seen":"2026-02-24T14:02:40.199611Z","times_seen":1,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":82,"dns":0,"connect":8,"send":0,"wait":35,"receive":30,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/img/icon.jpg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/img/icon.jpg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 96055\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:14 GMT\r\npriority: u=4,i=?0\r\netag: \"68c00daa-17737\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 199184\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f4SyAKyh%2F6qKiBUuh%2FZ4RnewlIgp83EGVWDoL2cGu2fkGn5%2BGJeAiZR2ulthqA4%2FQnLhJJHPFSed2L4KwcAyetjYRyvRyUIk%2FTAzx87RNbU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d2f7fe4ee29d9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96055,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:39:44], progressive, precision 8, 300x250, components 3","md5":"cea1c2522ea23ff9805589bf49a8ae56","sha1":"d1575105c86e29e931c25250fc7295c5271cf084","sha256":"dff393c9f862d48bc9b68a9ec83e1a7326748a3d92a5916884961dfef0c8f0ea","sha512":"b7980259b7a0dd40cbd2b7d979d1ff304508460793fec5edfb60f07f7019ba81c297ab707b885f9f9ae1a7ed5de25dbf2e0daab75ffa0bf8d3e5d81cc77d1d66","ssdeep":"1536:6KgbTzLNKgbTzLsmSuBjRbi+ZbXB6iAcHUfhdFKj2vwsBLqG+UbP5D5:hg3zwg3zYuTbi+ZbR6iA3Jmj8sG+UT","tlshash":"c99302a85797daf3fdf0a1707081df4d2122bd46e2a3625ebd9c2706bb7435b498b041","first_seen":"2025-09-02T18:14:58.777112Z","last_seen":"2026-04-05T22:55:15.9447Z","times_seen":1059,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/assets/fonts/Lexend-Regular.woff2","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /assets/fonts/Lexend-Regular.woff2 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-content-type-options: nosniff, nosniff\r\ncross-origin-opener-policy: same-origin\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nx-frame-options: ALLOWALL\r\nx-powered-by: Express\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\norigin-agent-cluster: ?1\r\ncontent-type: font/woff2\r\nx-permitted-cross-domain-policies: none\r\nserver: Caddy\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-xss-protection: 1; mode=block, 0\r\nreferrer-policy: no-referrer, no-referrer\r\ncross-origin-resource-policy: same-origin\r\naccept-ranges: bytes\r\nlast-modified: Fri, 30 Jan 2026 07:47:48 GMT\r\ncontent-length: 28224\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":28224,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28224, version 1.0","md5":"b1042264af1c56a5b370152d52511f40","sha1":"1c62f348228aeaff99eda1ca329f03bc31ee4598","sha256":"7ecdca6842d2eb1a0ce240fea2790adef4cf5ab5b50e4a6248d3e47aeee9e798","sha512":"9f443e41c1d412316fccf67bffb131367847a63b3ca95984233c8f3376ca724aaff7340be55e621d0b712f5d25001ea6acce18835200e29690e833ee41abd04a","ssdeep":"768:quDvpZ99Ipvb2/HsN+2th72gA3i5sZtI7iTOa/qZj5r:JLphIh2vI+WkM5sZtmiqt5r","tlshash":"b7c2e1ad67e93cc8f7b3d137778d3ef84919ebe062caaac0064c5dc91590d911a95107","first_seen":"2025-06-20T09:25:34.386407Z","last_seen":"2026-03-11T13:07:32.771026Z","times_seen":23,"resource_available":false,"data":null}},"time_used":3978,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":3879,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=2","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /b?id=2 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nx-download-options: noopen\r\netag: W/\"2be87-vQtooea1w4rq/d8Y6nuQZgRSGVw\"\r\ncontent-type: application/javascript; charset=utf-8\r\nx-dns-prefetch-control: off\r\ncontent-encoding: br\r\nserver: Caddy\r\nx-content-type-options: nosniff, nosniff\r\nreferrer-policy: no-referrer, no-referrer\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncross-origin-opener-policy: same-origin\r\nx-permitted-cross-domain-policies: none\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\nx-frame-options: ALLOWALL\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\ncross-origin-resource-policy: same-origin\r\nx-xss-protection: 1; mode=block, 0\r\norigin-agent-cluster: ?1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":179847,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37022)","md5":"2ce8f423b3204958258844aca4952896","sha1":"b4ecf48a0933767fa54522be86a752e15cd56229","sha256":"61071328e274ed96fbf690c20dcf514414dc7fdfcfa855f50f87e5adfaa47508","sha512":"38010ceb8b6fa4531acebcdc09e76453a2362c9f3992787168e29cdf527c0b420618148b037ae226cdf9420d43bf5bd7e777e02fa02b66acb7e253173eaf8d22","ssdeep":"3072:jMLiQ4xjpYsYC//iRaN9gGX5+MpivDd80AEX321+20DDTG:jMLVsmRaTw5OEXm1+LLG","tlshash":"8f044cd636a0b7338fdb6298509f2600b23d11686049807cb6bcdce65ba4a4b537ff75","first_seen":"2026-02-24T14:02:40.205179Z","last_seen":"2026-02-24T14:02:40.205179Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10503,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":10382,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-02-24","alert":"Hunting_JS_WebAssembly","trigger":"waves.lat/b?id=2","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lexend/v26/wlpwgwvFAVdoq2_v-6QU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/lexend/v26/wlpwgwvFAVdoq2_v-6QU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 39680\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 21 Feb 2026 00:33:21 GMT\r\nexpires: Sun, 21 Feb 2027 00:33:21 GMT\r\ncache-control: public, max-age=31536000\r\nage: 307732\r\nlast-modified: Mon, 08 Sep 2025 18:15:35 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39680,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39680, version 1.0","md5":"2077a5271e5c1164bdd3fbe1744157a7","sha1":"91313f8a6f0a223205216ab3b6083d135dad61bd","sha256":"b7e7538f59bff1812841d7627f8e49e70fe86438f9f7b397a028c0d05301c874","sha512":"322ed8166992e29dc0be1e3e7d4f576cf1ef6bd70718ee142941271e31b195743c0f81bde2c0ca8e66693b668a7de9136be109b9fdbd5f92d0a2e2a41877988e","ssdeep":"768:p30StOXMA65YrEtTPMSzK/s7n0/YXUxK1SSI8e/x3aHCBiciuZW:p30SGMAWYQJMiK/k0/gUQ0S0kum","tlshash":"9a03014933314d5238093239ff91edefae57c321e908f9184594e58ffc8a71e5aa091a","first_seen":"2025-09-09T15:01:21.644742Z","last_seen":"2026-04-06T05:59:37.350743Z","times_seen":3994,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":92,"dns":1,"connect":21,"send":0,"wait":22,"receive":25,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fjs%2Fscript.js\u0026l=573\u0026fd=27","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fjs%2Fscript.js\u0026l=573\u0026fd=27 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=1","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /b?id=1 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block, 0\r\nx-permitted-cross-domain-policies: none\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer, no-referrer\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: ALLOWALL\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: same-origin\r\nx-download-options: noopen\r\nserver: Caddy\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\ncontent-encoding: br\r\netag: W/\"218d-9mh+RSxCWNNIW6F1f/2X3WaYWfE\"\r\nx-dns-prefetch-control: off\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-powered-by: Express\r\ncross-origin-opener-policy: same-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":8589,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8554)","md5":"d6fb6efaada06db33826110942794112","sha1":"f6687e452c4258d3485ba1757ffd97dd669859f1","sha256":"1d56021f65ac6caf0e92b9c46d00f9a9045722766304fc6432f7927ced8a2c82","sha512":"aa60231d0276710aec2ce50b8e9f30fd9b112514cabd5146f9d84f8305c0360cd3ff234ef20e66937a6e153748d4dd83afc772b6ad8114d839f7f742fdde64d5","ssdeep":"192:Z4FBMoJDWTnqfyW8d76vR5UOy43oaxAkPccYLiMYeFOlYAKnY3M:Z4FBhDWTOy6vfUOy44occYuMYeFOlYAe","tlshash":"b902d7d0b0b524bec7a661d174d93201b265b1b4b714c0b4f73c2eff39da496a60af28","first_seen":"2025-12-01T00:51:41.584499Z","last_seen":"2026-04-05T12:24:04.110154Z","times_seen":357,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":103,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/assets/css/index.css","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /assets/css/index.css HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-dns-prefetch-control: off\r\netag: W/\"916-19c88f39cdb\"\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\norigin-agent-cluster: ?1\r\nx-permitted-cross-domain-policies: none\r\nx-download-options: noopen\r\nserver: Caddy\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=0\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\ncontent-encoding: br\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: ALLOWALL\r\nx-xss-protection: 1; mode=block, 0\r\nreferrer-policy: no-referrer, no-referrer\r\naccept-ranges: bytes\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\nlast-modified: Mon, 23 Feb 2026 05:23:12 GMT\r\nvary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Findex.html\u0026l=1510\u0026fd=185","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Findex.html\u0026l=1510\u0026fd=185 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 24 Feb 2026 14:02:15 GMT\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1936a90eef3ebd4c6b40eb59d72e164d","sha1":"4c698f8dc97e2e6186d46215e209aca1b1194a5d","sha256":"412d98c2f4410a048131a7d9362fb38456ce2ff67cd4731ea411708a7996a021","sha512":"07ad2431175e5566ae435738d94d4da3e96e4856a1fe1d5917c52474cab28808cd940fec0e8f75eb2f3d573e6fe8497fc12636ef4738d1b67e9144725192b580","ssdeep":"384:p9f59g9P9r9yU9/qY4+949Y9p9fM919W969yh9/qY4X9N9t949fd9k9D939yQ9/O:pDS99YURRuWDyjooYhREHPWP2ZZYQRVs","tlshash":"48721091041704009b834ce223cebf35fe1f52117142d0b5abfd9b6b9ddbca6526939d","first_seen":"2026-02-19T22:28:01.752187Z","last_seen":"2026-04-06T08:28:28.770734Z","times_seen":3146,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":87,"dns":1,"connect":22,"send":0,"wait":34,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:25 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 466134\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E7qe9RrS5auFkm8mcSkDDbohc%2BErk6R3a64Tl8GDOdV5nmsDRd8RbEQkUKMYFfSHbNFwd0dQTLY7tO4vDNLKSqyNrEdPjSfk8Q8z%2FqhjrtY%3D\"}]}\r\netag: W/\"68c012a1-15d94\"\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe4de1ed9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89492,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-05T13:23:52.248793Z","times_seen":6520,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 24 Feb 2026 12:55:33 GMT\r\nexpires: Wed, 24 Feb 2027 12:55:33 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 4002\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-04-06T09:13:39.557612Z","times_seen":65468,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=3","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /b?id=3 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-content-type-options: nosniff, nosniff\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\ncross-origin-resource-policy: same-origin\r\nx-frame-options: ALLOWALL\r\nx-xss-protection: 1; mode=block, 0\r\nx-dns-prefetch-control: off\r\norigin-agent-cluster: ?1\r\nx-download-options: noopen\r\nvary: Accept-Encoding\r\ncross-origin-opener-policy: same-origin\r\nserver: Caddy\r\nx-powered-by: Express\r\netag: W/\"56a51-ODQe8fVzpQkzMMSr+9SYFynBXAk\"\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nreferrer-policy: no-referrer, no-referrer\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":354897,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17857), with NEL line terminators","md5":"5698e158e97368b1392ac36017554eba","sha1":"7db45e497d2af70fe93e5a78d8d1bab82843953f","sha256":"6ac202a32c22779e83d6cb59f75e48c443389ebb4b7da0091f3a65cb579fb77d","sha512":"3fac2cdf494d9bc4d5e226dd2f4f536c35cee1b2a1b977098f35dbb8c8366efb6979b91ebb1ebcc3a278630faf19c79c63521cac17d95691cc0e97135c8ac241","ssdeep":"6144:dG/74Eth4FnYS14QBJB1j7c0mDighmh0Ex:c/UIh4FnYS3BJXM0Ww","tlshash":"48744b293051772b5696d1a714af0332b9b14658b40e492cbf70ebeb7860d8b107b7f7","first_seen":"2026-02-24T14:02:40.213055Z","last_seen":"2026-02-24T14:02:40.213055Z","times_seen":1,"resource_available":false,"data":null}},"time_used":13875,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":13752,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:51:40 GMT","end":"Sun, 29 Mar 2026 00:51:39 GMT"},"fingerprint":{"sha1":"F3:CE:FF:C9:F8:70:23:18:40:13:70:96:1A:D1:FD:34:D3:CD:66:FC","sha256":"07:8C:A3:3F:1D:F1:E0:75:3D:26:20:F5:D5:75:64:CE:F7:40:6E:B7:BB:B9:EC:79:33:27:5F:51:2E:B0:12:E7"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a824f7bbb125b303d7e22448e7ab9192\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":60,"dns":1,"connect":18,"send":0,"wait":18,"receive":1,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=a1376848d2be9154b24a145e7a3a8df6\u0026uuid=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f%3A1%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /sbar.json?key=a1376848d2be9154b24a145e7a3a8df6\u0026uuid=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f%3A1%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:14 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3717\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://waves.lat\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; expires=Tue, 03 Mar 2026 14:02:14 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nu_pl27289473=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 28\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 539cf1033f66f08737d8cdb1444d4a59\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4767,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"9f59eb529236d058527ae93c13eacf0b","sha1":"38a410b05975a21e3a99b78c923089b9d018fd31","sha256":"67982f09d34f00e96948b3da4b3032cf17bcc89438a249ab9f2eff4c4f960f33","sha512":"49948cbe39acc2cbeefd059f8399b5c8bba57439be6b081c198caffa527d8b80bb9935bb1c899eec86f59a3f78ff688aef687b98d518fc0501ffa7903fd21796","ssdeep":"96:9zYr+ps0vOZaoCAASm+skBqa+t8uocEPTf1s8bPbySk02IR41nGo:9zRn5oCAAwfzc8NNbyT02IcnGo","tlshash":"56a14c3a146968476b9e8f0188911e741c86dc0b1278fe44c26dd3ff2637a219261a65","first_seen":"2026-02-24T14:02:40.215089Z","last_seen":"2026-02-24T14:02:40.215089Z","times_seen":1,"resource_available":false,"data":null}},"time_used":730,"timings":{"blocked":301,"dns":14,"connect":93,"send":0,"wait":126,"receive":1,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/img/bg.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/img/bg.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 215062\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:22 GMT\r\npriority: u=4,i=?0\r\netag: \"68c0129e-34816\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 557771\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xcxXwSGrYKI88Lap9I%2BXQrrATJU3YDdPxZxx0lfLFy2IMjPDzZYqjx6GJWEoxuGn6GDTEyz81TvZgcyUJ6LzyP1gWqRzpWHiZTpJtmJdbdc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d2f7fe4de1ad9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":215062,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 503 x 500, 8-bit/color RGBA, non-interlaced","md5":"a38acf6ce41c91b995c0fb3543edfb69","sha1":"a52c52018eb7f45eda59f28192d5e0b55dcad7a3","sha256":"9aaadd8fcd5dc354bea533916301d31d5be57b1e98bdbfe2659735b23329c2d6","sha512":"ea4afdf1bec5a897214cb2a9baa900b9e057205b6db24ea35b772765e9ac1ec2d55719dafd3e5849863f6ee4c86714968fee3b3cad5c9cf9963110cdbce927eb","ssdeep":"6144:Yjhv/xKOtD2N6EE6x1loEEv8GIxy/AxszSJUPqnY:6v/sOtD2NsI1lNEvas+J4qY","tlshash":"4e241215afeec2a6011548d4e5a08032557cee7cd6b44d2ac8339acf8f5a9c9d713ebc","first_seen":"2025-09-14T23:01:21.66578Z","last_seen":"2026-03-31T06:41:18.933835Z","times_seen":117,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/9d/5d/7e/9d5d7e8864b7a6d89223a8dacb1b9fd8.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"openairtowhardworking.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 08:11:56 GMT","end":"Mon, 06 Apr 2026 08:11:55 GMT"},"fingerprint":{"sha1":"34:8B:F0:07:AD:C3:A7:8F:73:96:A0:68:4C:83:08:02:28:98:45:D6","sha256":"AE:72:A7:43:41:3D:30:CE:CD:96:7E:F8:EC:18:6F:BD:88:9E:40:49:1D:84:4A:17:A1:35:35:2E:7F:16:D2:5A"}}},"request":{"raw":"GET /9d/5d/7e/9d5d7e8864b7a6d89223a8dacb1b9fd8.js HTTP/1.1\r\nHost: openairtowhardworking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 34697\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: openairtowhardworking.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5c98a4aec6ef9ecb1c70e2da54a1059e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92208,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3447a2290a96a5c820230152f4560f54","sha1":"d946598097c376457f4d6053340c450b09478f38","sha256":"9d77b6c04a042f72ba4a98afdc5544bfb01271e268a5424624adf64aad79bff0","sha512":"6fd40209b09ca7dbcfa1a797d5604e07622b5e4d2fb9f09ade275e81df426449eaf7d35a21cc7c7ccd498e698d336794400d11b809db4ad8d2c5fca6d5dfb235","ssdeep":"1536:bEt9tilKqAGQDSAiLoHL0cTIgV2BOPsuUd7s/KwR1UwurV4aYLuvGgIo5+phrtXj:bJlKTGQDSAiLoHQcTIgV2BGsuUd7s/Km","tlshash":"8093d84c3f82b0d41397707b762f902bf23b5c955868e88de243adac5da9719a337e05","first_seen":"2026-02-24T14:02:40.217569Z","last_seen":"2026-02-24T14:02:40.217569Z","times_seen":1,"resource_available":true,"data":null}},"time_used":846,"timings":{"blocked":319,"dns":61,"connect":91,"send":0,"wait":96,"receive":92,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"openairtowhardworking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 22:00:04 GMT","end":"Sun, 03 May 2026 22:58:27 GMT"},"fingerprint":{"sha1":"FA:63:AA:B4:65:DE:EB:50:F5:A0:F4:25:77:0E:E1:56:4B:9C:C5:1A","sha256":"00:CF:18:86:D3:98:19:21:01:C5:18:5F:25:57:AA:F6:D3:DA:44:53:A5:D9:94:57:ED:F3:B1:AA:3A:3D:38:9C"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:14 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:04 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rJDwx7L1ArUsRuxpi1Z%2BeuK6qOwfuOtpyuzCrGe2XV2IwFwPJpJ2V9RLVmexcrUZ29cnsTFmAVcEaOfTmE0SDPIojb57wAJqc3EIqJBwbRX7YvphBiA%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe2b8bd7dde-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1442,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"22c5334e80e6dd391b246af94daafe9d","sha1":"0757c3ed534238f11e69cc182deb90c9d2b50541","sha256":"c275a55fccda14e83cc02f7f28ab7bc8d4898d46220599ee24474d189674f2ac","sha512":"400389bcd8a29beba2c9333ec4d612bb87dcfa08599fd52c0438a240a5b9bbfe3e9978dad04d1349e40c4a7075fd78c282643f739f19195fe3adf6fdbf0abd95","ssdeep":"","tlshash":"2921eb166decd9b22093a591bf302f37ecd1f4878c4a580073bc06108f97ea4c81b25b","first_seen":"2025-09-13T17:52:06.422134Z","last_seen":"2026-04-03T04:11:11.099724Z","times_seen":96,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":35,"dns":1,"connect":8,"send":0,"wait":118,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cdn.show-creative1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68c0129b-13365\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 85854\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f3YyuNCRpVXNVNlq4S1HiY48xiRX5SZp1Zw1u239572op6w%2F6uz0WKxmKUYpCz0kbX%2B0%2BLnsnmhBGx4LKOc8EjDHc1FEWmxA8XBrKtRm%2FSQ%3D\"}]}\r\ncf-ray: 9d2f7fe40d97f3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78693,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5982c5377696d20476871062646b253f","sha1":"8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242","sha256":"4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4","sha512":"92592dac2a817293e8ec1d94bf99df639626a90d524420b01a12210398927c0650cc26fa8e730300096b29961563aa02efb707478c6d51ac8616bb1bde5a0cb2","ssdeep":"384:jvuAuF81dghu3uFlZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uhu7uNKwZiMUL6Vpaj7F","tlshash":"1d731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-02-12T20:28:38Z","last_seen":"2026-04-06T07:52:28.371854Z","times_seen":6276,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":41,"dns":1,"connect":11,"send":0,"wait":15,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68c00da2-13365\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 69364\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EnhkPiOrVm7u4CRYUSdmFA%2FXnP0RdJVOQxvaYDygEtCiRhxeBbaTqz8EkmDQTvbfWd4npA7io%2Fflr7llyUbzmRMU%2FYlvQXqthHS1x7OVsd0%3D\"}]}\r\ncf-ray: 9d2f7fe42dfef3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78693,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5982c5377696d20476871062646b253f","sha1":"8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242","sha256":"4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4","sha512":"92592dac2a817293e8ec1d94bf99df639626a90d524420b01a12210398927c0650cc26fa8e730300096b29961563aa02efb707478c6d51ac8616bb1bde5a0cb2","ssdeep":"384:jvuAuF81dghu3uFlZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uhu7uNKwZiMUL6Vpaj7F","tlshash":"1d731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-02-12T20:28:38Z","last_seen":"2026-04-06T07:52:28.371854Z","times_seen":6276,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":44,"dns":0,"connect":11,"send":0,"wait":15,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/assets/css/81bd85406c.css","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /assets/css/81bd85406c.css HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-frame-options: ALLOWALL\r\ncontent-length: 7557\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Mon, 23 Feb 2026 05:23:12 GMT\r\ncontent-type: text/css; charset=utf-8\r\netag: W/\"1d85-19c88f39d33\"\r\nx-xss-protection: 1; mode=block, 0\r\nreferrer-policy: no-referrer, no-referrer\r\ncross-origin-opener-policy: same-origin\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\nx-dns-prefetch-control: off\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nserver: Caddy\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\ncross-origin-resource-policy: same-origin\r\nx-download-options: noopen\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\norigin-agent-cluster: ?1\r\nx-content-type-options: nosniff, nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":45488,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (45484), with no line terminators","md5":"81bd85406ca7f7a4d231714b6d6fb925","sha1":"1ed24e2f65fef85e223821068805874701feee7b","sha256":"54dbb2cb97310064d61732dc9d88a6b1ea50ea91dab4a2520da83651d9c6783b","sha512":"84a7f45835870d9232ecb77a64588ff7c98fc051ed113edf82c0b05b5a4bee1f7bd4ad8e7cd27eff73fe7320cb7b03f6085edc8d8e5a8248c87ec43d186d2d75","ssdeep":"384:AOk/zweeZO9rTbX/sIqBN2EHegO7k2T3H0Fv/CbDOoiIUCo+1Stq2ob1SCZHYjxg:AgonwI8BzO7jwK3Oop8+qqb8Fg/z","tlshash":"4813c432e645211df22bc2a978c0b7c99239c153fa331bbeb5a6f531c2c619b1637749","first_seen":"2026-02-24T14:02:40.220227Z","last_seen":"2026-03-05T13:19:58.065271Z","times_seen":2,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":397,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/b?id=4","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /b?id=4 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Caddy\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: ALLOWALL\r\netag: W/\"10b-/GLjsrHCgF2ogecg9XZoaGLcyMU\"\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nreferrer-policy: no-referrer, no-referrer\r\nx-permitted-cross-domain-policies: none\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\ncross-origin-opener-policy: same-origin\r\nx-dns-prefetch-control: off\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-xss-protection: 1; mode=block, 0\r\ncross-origin-resource-policy: same-origin\r\ncontent-length: 267\r\nvary: Accept-Encoding\r\nx-download-options: noopen\r\ncontent-type: application/javascript; charset=utf-8\r\nx-powered-by: Express\r\norigin-agent-cluster: ?1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":267,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"17a6aedffdf53c8aac38a1b68b69701b","sha1":"fc62e3b2b1c2805da881e720f576686862dcc8c5","sha256":"994dae5c6da0b8a28f7e45577ed9624abdfac2e5849738b66742f8b2b92f880f","sha512":"196e23cc05c84316574b108b7afc55226416d1310f9b533c7dec8fd0c757bd41bc18a3eda8917c1f7fa4845eb8d365d4be23739ea268781067aad5a65f04a53c","ssdeep":"","tlshash":"b7d02ece0eee1e801bc0c2c3e0af44184faa16420e3dc0580e24ab280f00abc322101c","first_seen":"2025-08-28T11:14:56.317304Z","last_seen":"2026-03-11T13:07:32.795698Z","times_seen":14,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/sbar.json?key=9d5d7e8864b7a6d89223a8dacb1b9fd8\u0026uuid=62682266-af76-415a-9150-2edbba088488%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /sbar.json?key=9d5d7e8864b7a6d89223a8dacb1b9fd8\u0026uuid=62682266-af76-415a-9150-2edbba088488%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:14 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3746\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://waves.lat\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=62682266-af76-415a-9150-2edbba088488:2:1; expires=Tue, 03 Mar 2026 14:02:14 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\nu_pl27484197=1; expires=Wed, 25 Feb 2026 14:02:14 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 29\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: aa34d0218ba1ee9ca6268701d19252a9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4805,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"b755bd254abdf511378557ec7137a15c","sha1":"b5726a71890604c1a7fa6c3e8134f02d30ea7ac9","sha256":"32f7ec22bafba7310a4392bf6845b6eff1a611fb1b9bb8b0950b41bba345fc58","sha512":"e50f35c6a33078a1e598bd74f88d1e552caa89dcdaa0eaf41ec6a031217141b3497d1d4453d7d1c33495e3c1c5096e78a7befd8bfa47622e6d389e74d0675afb","ssdeep":"96:9/ZI7U0Jai1kF3gsLqfvq22D361y/82CuKyeGCzUJGP361yQY25yJe1WoPODtA+:9RIw0rS3gsLCq22D3KytCudzIP3Ky6UR","tlshash":"6aa15dab533874f552c94c701f781cb46c801d1b506e9972c90fe64f1d6b8b2ed16199","first_seen":"2026-02-24T14:02:40.222022Z","last_seen":"2026-02-24T14:02:40.222022Z","times_seen":1,"resource_available":false,"data":null}},"time_used":747,"timings":{"blocked":310,"dns":28,"connect":93,"send":0,"wait":126,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Findex.html\u0026l=1442\u0026fd=174","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Findex.html\u0026l=1442\u0026fd=174 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":176,"timings":{"blocked":82,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:14 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 557506\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2FbZgfj43Ot7gbhrBdGB%2FMIHfZRe%2Bubv7UBKMhrg8YTzlU9umIztwOAkw%2BrioVh%2B%2FITpbxIy6Cy5jSjTSzRaXVcolM%2FuLEaJUed0Gfg7EK0%3D\"}]}\r\netag: W/\"68c00daa-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9d2f7fe4ee25d9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-06T08:28:28.837226Z","times_seen":8802,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=88","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=88 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":647,"timings":{"blocked":267,"dns":1,"connect":92,"send":0,"wait":98,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openairtowhardworking.com/a1/37/68/a1376848d2be9154b24a145e7a3a8df6.js","fqdn":"openairtowhardworking.com","domain":"openairtowhardworking.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"openairtowhardworking.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 08:11:56 GMT","end":"Mon, 06 Apr 2026 08:11:55 GMT"},"fingerprint":{"sha1":"34:8B:F0:07:AD:C3:A7:8F:73:96:A0:68:4C:83:08:02:28:98:45:D6","sha256":"AE:72:A7:43:41:3D:30:CE:CD:96:7E:F8:EC:18:6F:BD:88:9E:40:49:1D:84:4A:17:A1:35:35:2E:7F:16:D2:5A"}}},"request":{"raw":"GET /a1/37/68/a1376848d2be9154b24a145e7a3a8df6.js HTTP/1.1\r\nHost: openairtowhardworking.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 34734\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: openairtowhardworking.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fa809ee6284768377e3babd25c764044\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":92276,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"13b95764b901df80f16dc42e4a4347e9","sha1":"334a343fa8713abf6c8280ea87894abc189772d9","sha256":"d7c878e99ca2293f5883e9db288a757382299e20ec615aebbca97d5ff7c6d3ad","sha512":"da1e314bb09a9ea22436037e60ae4f1635f52181df81c47dbd47e867b7b824c564aa0f49030adf71a43a93f0f102684867491c474b5051b9b98851f3ea0226ce","ssdeep":"1536:bEy9oiLKqAGQDSAiLoHL0cTIgV2BOPsuUd7s/KwR1iwurV4aYLuvGgIo5+phrtXV:bNLKTGQDSAiLoHQcTIgV2BGsuUd7s/KC","tlshash":"2593d84c3f82b0d41397707b762f902bf23b5c955868d88de243adac5da9719a337e05","first_seen":"2026-02-24T14:02:40.223953Z","last_seen":"2026-02-24T14:02:40.223953Z","times_seen":1,"resource_available":true,"data":null}},"time_used":865,"timings":{"blocked":328,"dns":60,"connect":94,"send":0,"wait":97,"receive":93,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"openairtowhardworking.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"63.176.181.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statistics.it.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 18 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"FF:73:E7:93:27:CB:4F:C3:84:85:D5:0E:06:52:E6:94:2D:2B:A5:C6","sha256":"09:27:72:13:57:CD:B4:25:3A:BE:58:AD:CC:13:D2:7D:D4:D4:F6:12:80:69:D9:B9:38:71:43:36:A9:56:FE:70"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://waves.lat\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; expires=Fri, 22 Feb 2036 14:02:13 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d26c111347ec04e10d5357d18ff516b","sha1":"6f51dddac933a5b9b57a735966265719ba896709","sha256":"9f76bc3d29bb724208a047499f879a94e7c04d236cfa9d07e3f11d25d5a1fbae","sha512":"603b574d0383084edeb8a8d58f9f01136a4a2a20f81d2bf700bb778659cb0989d65a7930760964470474554e7588413d8ce379302f32841e518c11212bf5be1e","ssdeep":"","tlshash":"c3900413c5735d410551f1140075035444c15140cd4100505547c575513151c515df11","first_seen":"2026-02-24T14:02:40.225023Z","last_seen":"2026-02-24T14:02:40.225023Z","times_seen":1,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"protrafficinspector.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"63.176.181.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statistics.it.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 18 Feb 2026 00:00:00 GMT","end":"Fri, 19 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"FF:73:E7:93:27:CB:4F:C3:84:85:D5:0E:06:52:E6:94:2D:2B:A5:C6","sha256":"09:27:72:13:57:CD:B4:25:3A:BE:58:AD:CC:13:D2:7D:D4:D4:F6:12:80:69:D9:B9:38:71:43:36:A9:56:FE:70"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://waves.lat\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=39181050-aa3f-425b-b72c-ad92c93443f6:3:1; expires=Fri, 22 Feb 2036 14:02:13 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"8eefb6a98666d3400615eb792d0bc4b3","sha1":"03e187bf000f9e48715cfc0f3e1aa8f830aa57e8","sha256":"0ddfc07ae0575d1dca0cef4b0ea20797a79bd4ffaeea1a703d1b2269ef38e681","sha512":"99dffcd594c8e4ef3064fad622f3f1ca1fcde0b117861729b6c8e8957baf08729f766320b1701fd8eeb4454c266ff4eadd6d82bd763e3ae19fd91974634d9c25","ssdeep":"","tlshash":"b19004d5074004c001f11d01cd5c0d5c1c13041d543f35755740514d551030545dd541","first_seen":"2026-02-24T14:02:40.226294Z","last_seen":"2026-02-24T14:02:40.226294Z","times_seen":1,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":1,"connect":23,"send":0,"wait":22,"receive":0,"ssl":121},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"protrafficinspector.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/ren.gif?sid=H4sIAAAAAAAC_1RSv2_kRBgd5yIKKBAE0SG5AAES2dher2Nz3YkfDZecuENXICFmPPbmY2c9xjPe3dsqxyEKqtBRgPC-TS5CQvz4C0AbOiSkc7fFpeEvQEhXo01WCkzx_Zg3Gr3vve-LWX3OtlHz5a2bekpK8Z1ex3Nfu0uF1GPj7t1xfa_jXXfvUhGF193JKlSjN_1u2PFed9_N0oHeCTzf83zPd9-hKsv1ZOcCBZU_JH4n8Tph0PF7ISbV_3tTOzDcgRyds-dBsn32r_xDULpAMfz5rcwMrC7feHtYK251hZE8_aAYFHpcYHhV5pWDvDhdv4Y2LWNfb0AXp-sJoEfHqwkgqGUbLz6GKE7XNCFGJ5dMhUJWQMhnMB4tkKkFiC-Q6gcg-YgBqcTePorhwz1djfm9S5Sv0JZtPvkHNG7Z5uMXUAx_vKFo4t7WqrakC4NJ3oAmC1B_gbI-g506oPEZUvsZSP7Jdp68h2J4vG-UBsnly1EQxUEQRds83422Q7_HtxO_520HmRSCe3EcxvGFRJQvwM0GauOgJgd17qAuHQzl0g29OEx93o3yRKa7XsjDUGbCS-LA83iS7qJO74PkEdLqEGV1iAEdwRw0MNKBsQwj2ZxIZQLTPJTK1MJf52Cdu81c2_6Mn2jbzwoGXh2hks0xlZ-aB0jttfk0N3KuV4EL28y5kM2cpN2YlefsuZVuzvzjVzDIlm4ie3I3i-MoFLs8knESBF0eS54KXyS5jGGoAZkNcONgSi27dfAdSmrZq0e_QvAzGHWGlBzw-iXwcQN-0GBafG-ywtqO0gpSNyjtJuw9Z6bO2db8_Ts3frvw7qMtjSz9g60P0qpBWTX4hH5n6Kv7v-yXloY05Sszb1tus6fAqWVP__0lUmrZ1qNrF3vVu_kN0vIQprz6y2gGUTpQxKCyq3suGpj_9OKqnpnP0a8cCOXMhaqcY6Eq9dUlTUNLtxeIbhTHUZZHMu_KbtCVSc_LkpAnUZiEPVjT0rc_5f8GAAD__5Pzzl3VAwAA","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv2_kRBgd5yIKKBAE0SG5AAES2dher2Nz3YkfDZecuENXICFmPPbmY2c9xjPe3dsqxyEKqtBRgPC-TS5CQvz4C0AbOiSkc7fFpeEvQEhXo01WCkzx_Zg3Gr3vve-LWX3OtlHz5a2bekpK8Z1ex3Nfu0uF1GPj7t1xfa_jXXfvUhGF193JKlSjN_1u2PFed9_N0oHeCTzf83zPd9-hKsv1ZOcCBZU_JH4n8Tph0PF7ISbV_3tTOzDcgRyds-dBsn32r_xDULpAMfz5rcwMrC7feHtYK251hZE8_aAYFHpcYHhV5pWDvDhdv4Y2LWNfb0AXp-sJoEfHqwkgqGUbLz6GKE7XNCFGJ5dMhUJWQMhnMB4tkKkFiC-Q6gcg-YgBqcTePorhwz1djfm9S5Sv0JZtPvkHNG7Z5uMXUAx_vKFo4t7WqrakC4NJ3oAmC1B_gbI-g506oPEZUvsZSP7Jdp68h2J4vG-UBsnly1EQxUEQRds83422Q7_HtxO_520HmRSCe3EcxvGFRJQvwM0GauOgJgd17qAuHQzl0g29OEx93o3yRKa7XsjDUGbCS-LA83iS7qJO74PkEdLqEGV1iAEdwRw0MNKBsQwj2ZxIZQLTPJTK1MJf52Cdu81c2_6Mn2jbzwoGXh2hks0xlZ-aB0jttfk0N3KuV4EL28y5kM2cpN2YlefsuZVuzvzjVzDIlm4ie3I3i-MoFLs8knESBF0eS54KXyS5jGGoAZkNcONgSi27dfAdSmrZq0e_QvAzGHWGlBzw-iXwcQN-0GBafG-ywtqO0gpSNyjtJuw9Z6bO2db8_Ts3frvw7qMtjSz9g60P0qpBWTX4hH5n6Kv7v-yXloY05Sszb1tus6fAqWVP__0lUmrZ1qNrF3vVu_kN0vIQprz6y2gGUTpQxKCyq3suGpj_9OKqnpnP0a8cCOXMhaqcY6Eq9dUlTUNLtxeIbhTHUZZHMu_KbtCVSc_LkpAnUZiEPVjT0rc_5f8GAAD__5Pzzl3VAwAA HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=62682266-af76-415a-9150-2edbba088488:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27484197=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f16c109341da91534c58e68aab89488e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fjs%2Fscript.js\u0026l=397\u0026fd=58","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fjs%2Fscript.js\u0026l=397\u0026fd=58 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":274,"dns":0,"connect":93,"send":0,"wait":95,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-24T14:02:12.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=0\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\ndate: Tue, 24 Feb 2026 14:02:12 GMT\r\netag: W/\"863a-19c88f39cdb\"\r\nlast-modified: Mon, 23 Feb 2026 05:23:12 GMT\r\nlink: \u003c/assets/css/index.css\u003e; rel=preload; as=style, \u003c/assets/fonts/Lexend-Regular.woff2\u003e; rel=preload; as=font; crossorigin\r\norigin-agent-cluster: ?1\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nreferrer-policy: no-referrer, no-referrer\r\nserver: Caddy\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff, nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: ALLOWALL\r\nx-permitted-cross-domain-policies: none\r\nx-powered-by: Express\r\nx-xss-protection: 1; mode=block, 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34362,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (369)","md5":"882732621632e55d7330ebe14feb415c","sha1":"c86508164612cc8a5f81e5d8105ed2ccbfa67403","sha256":"3c53875f7f6f422362b9e7c24a76988e0d312e83b9e08dcfc36871298876a6a0","sha512":"f83d5185fd81315995dc9003f788fa34b2bbbe8a01463a78703f02cc12f382d7a84426b5674aa0e5ba9f640031ad3489ff194dea93cce95c15f7fba40905c2e2","ssdeep":"384:4TUBUHbCibK4YoLK2LnLsRMRMRKYjreGM:bUHbC+K8noRMRMRmN","tlshash":"cdf2c77216f8082f32628651b7b4335e7d02e507c80b9545f5be0ae89fb3d9bd81376a","first_seen":"2026-02-24T14:02:40.227589Z","last_seen":"2026-02-24T14:02:40.227589Z","times_seen":1,"resource_available":true,"data":null}},"time_used":540,"timings":{"blocked":221,"dns":7,"connect":102,"send":0,"wait":98,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/assets/fonts/Lexend-Regular.woff2","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /assets/fonts/Lexend-Regular.woff2 HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nreferrer-policy: no-referrer, no-referrer\r\ncross-origin-opener-policy: same-origin\r\nx-frame-options: ALLOWALL\r\nlast-modified: Fri, 30 Jan 2026 07:47:48 GMT\r\nx-powered-by: Express\r\ncross-origin-resource-policy: same-origin\r\ncontent-length: 28224\r\ncontent-type: font/woff2\r\nx-permitted-cross-domain-policies: none\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 0\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-dns-prefetch-control: off\r\norigin-agent-cluster: ?1\r\nx-download-options: noopen\r\naccept-ranges: bytes\r\ndate: Tue, 24 Feb 2026 14:02:13 GMT\r\nserver: Caddy\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":28224,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28224, version 1.0","md5":"b1042264af1c56a5b370152d52511f40","sha1":"1c62f348228aeaff99eda1ca329f03bc31ee4598","sha256":"7ecdca6842d2eb1a0ce240fea2790adef4cf5ab5b50e4a6248d3e47aeee9e798","sha512":"9f443e41c1d412316fccf67bffb131367847a63b3ca95984233c8f3376ca724aaff7340be55e621d0b712f5d25001ea6acce18835200e29690e833ee41abd04a","ssdeep":"768:quDvpZ99Ipvb2/HsN+2th72gA3i5sZtI7iTOa/qZj5r:JLphIh2vI+WkM5sZtmiqt5r","tlshash":"b7c2e1ad67e93cc8f7b3d137778d3ef84919ebe062caaac0064c5dc91590d911a95107","first_seen":"2025-06-20T09:25:34.386407Z","last_seen":"2026-03-11T13:07:32.771026Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1599,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":1503,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:43:21 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68c012d9-1c51\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 85854\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EKJwPjZh8xfO8hDw%2B5GiG5qI9u0CL0Xoqm8ddURjmc%2Fuy3Ky7jFSkAXp2DVRLRq8smvBlgaeNsay7toSspy0qdta0nBvcnIehM%2B86GVlaK0%3D\"}]}\r\ncf-ray: 9d2f7fe40d92f3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7249,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"8292d3ea103b809a1654ab7968821135","sha1":"d7e7df696966ddb3dd4da1133e94581c89398ce9","sha256":"f1076cc4ce6b8d851b4f77517afc23686678650493b5757b41dc77c266cbcf9f","sha512":"180b4c89a554d96fbd2525f4844c44749d74309abf55ab72ad4663b0e5778063e8983f318567134668f19044f8f1be6cd62eab94f68fa58b9cdecf3171d9ec9d","ssdeep":"192:V+HHrVwsR4snMiFjUFpQFhFeBZs2HCSGcEAVN7K7:VJsnMiFUFpQFhFeBZw5z7","tlshash":"72e165967bb90a08740bd1a739523b4777294003ab1fdc39abd2206cdfc52dd916378b","first_seen":"2025-09-14T23:01:21.744911Z","last_seen":"2026-03-31T06:41:18.89935Z","times_seen":114,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":41,"dns":1,"connect":8,"send":0,"wait":14,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1RSvW8jRRydzUUUUCAIokPaAgRIxJldr9e7XHfio-GSE3foCiTEfOwmg8c7y86s7XOV4xAFVegoQKyfk4uQEB9_AcihQ0K67VxcGv4ChHQ1cmIpMMXvY95o9H7v_b6Y1edkGzVb3rpppkprttPrUP-1u6qQZmz93Tt-QDv0un9XFXF03Z-sQjV6M-hGHfq6_24mBmYnpAGlAQ38d1SV5Wayc4FClT-kQSelnSjsBL0Ik-r_va09WOZBjs7J81Cyffav_EMosUAx_PmtzA6cKd94e1hr5kyFkTz9oBgUZlxgeFXmlYe8OF2_hrEtIV9vwBSn6wlgRserCcBVSzZefAxenK5pgo9OLplyjawAl89gPFog0wsotoAwD6DkIwIIid09FMOHu6Yas3uXKFuhLdl88g_UuCWbj19AMfzxhlYT_7bRtVOmsJjkDdRkAbW_QFmfwU09qPEZhPsMSv5Jdp68h2J4vGe1gZLLl-MwTsIwjrdZ3o-3o6DHttOgR7fDTHLOaJJESXIhkcoXYHYDtfVQKw917qEuPQzl0o9oEomAdeM8laJPIxZFMuM0TUJKWSr6qMV9KHkEUR2irA4xUEewBw2s9GAdwUg2J1Lb0DYPpbY1D9Y5XOduMzduf8ZOjNvPCgJWHaGSzbEqP7UPINy1-TS3cm5WgXHXzBmXzVxJtzErz8lzK928-cevYJAt_VT2ZD9LkjjifRbLJA3DLkskEzzgaS4TWNVA2Q0w62GqWnLr4DuUqiWvHv0Kzs5g9RmE8sDql8DGDdhBg2nxvc0K5zraaEjToHSbcPe8mT4nW_P379z47cK7j7YMMvEHWR-IqkFZNfhE_U6wr-__slc6NVRTtjLztmMuewpMteTpv7-EUC3ZenTtYq96N7-BKA9hy6u_rCHgpQetCHR2dc94A_ufnl_VM_s59isPXHtzrivvmOtKf3VJ06qln3ezUFCa9OOgm-RZ0I2kyHtJlMqY0W43g7Ot-van_N8AAAD__2-bXoPVAwAA","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSvW8jRRydzUUUUCAIokPaAgRIxJldr9e7XHfio-GSE3foCiTEfOwmg8c7y86s7XOV4xAFVegoQKyfk4uQEB9_AcihQ0K67VxcGv4ChHQ1cmIpMMXvY95o9H7v_b6Y1edkGzVb3rpppkprttPrUP-1u6qQZmz93Tt-QDv0un9XFXF03Z-sQjV6M-hGHfq6_24mBmYnpAGlAQ38d1SV5Wayc4FClT-kQSelnSjsBL0Ik-r_va09WOZBjs7J81Cyffav_EMosUAx_PmtzA6cKd94e1hr5kyFkTz9oBgUZlxgeFXmlYe8OF2_hrEtIV9vwBSn6wlgRserCcBVSzZefAxenK5pgo9OLplyjawAl89gPFog0wsotoAwD6DkIwIIid09FMOHu6Yas3uXKFuhLdl88g_UuCWbj19AMfzxhlYT_7bRtVOmsJjkDdRkAbW_QFmfwU09qPEZhPsMSv5Jdp68h2J4vGe1gZLLl-MwTsIwjrdZ3o-3o6DHttOgR7fDTHLOaJJESXIhkcoXYHYDtfVQKw917qEuPQzl0o9oEomAdeM8laJPIxZFMuM0TUJKWSr6qMV9KHkEUR2irA4xUEewBw2s9GAdwUg2J1Lb0DYPpbY1D9Y5XOduMzduf8ZOjNvPCgJWHaGSzbEqP7UPINy1-TS3cm5WgXHXzBmXzVxJtzErz8lzK928-cevYJAt_VT2ZD9LkjjifRbLJA3DLkskEzzgaS4TWNVA2Q0w62GqWnLr4DuUqiWvHv0Kzs5g9RmE8sDql8DGDdhBg2nxvc0K5zraaEjToHSbcPe8mT4nW_P379z47cK7j7YMMvEHWR-IqkFZNfhE_U6wr-__slc6NVRTtjLztmMuewpMteTpv7-EUC3ZenTtYq96N7-BKA9hy6u_rCHgpQetCHR2dc94A_ufnl_VM_s59isPXHtzrivvmOtKf3VJ06qln3ezUFCa9OOgm-RZ0I2kyHtJlMqY0W43g7Ot-van_N8AAAD__2-bXoPVAwAA HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=62682266-af76-415a-9150-2edbba088488:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27484197=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c1f0598f2f9d03602d43b15a9524a158\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5422fef60cabd702e0872d3b2edd49bf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":53,"dns":1,"connect":17,"send":0,"wait":27,"receive":21,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:13 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 585d6e514c8afa336a3cda5ab6b57d98\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-06T07:52:28.368921Z","times_seen":13341,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":54,"dns":1,"connect":18,"send":0,"wait":21,"receive":18,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=75","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=75 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":665,"timings":{"blocked":278,"dns":1,"connect":94,"send":0,"wait":95,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 24 Feb 2026 12:55:33 GMT\r\nexpires: Wed, 24 Feb 2027 12:55:33 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 4002\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-04-06T09:13:39.557612Z","times_seen":65468,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 24 Feb 2026 12:55:33 GMT\r\nexpires: Wed, 24 Feb 2027 12:55:33 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 4002\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-04-06T09:13:39.557612Z","times_seen":65468,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RSu4skRRyu3lsMNBBdMRM6EFRwZvs1j_YiDx-JtyveyQWCUI_uuZ9T09V2dc_MTbTriYHRmpkIPd_s3iKIj79AmTUThOtsgtvEv0CEi2VmB1YL6veoryi-7_fVV_PqkrVQ8dWHt82MtOb7nbbnvn6PMmUm1j246_pe27vp3qOsG910p-tQjN_yw6jtveG-n8ih2Q883_N8z3ffoyJJzXR_g4LyH2K_HXvtKGj7nQjT4v-9rRxY7kCNL9mLINU8_1f6CUgukY1-fiexw9Lkb747qjQvTYGxOv84G2ZmkmF0XaaFgzQ7396GsQ1j3-7AZOdbBTDj07UCCGrYzstPILLzLU2I8dkVU6GRZBDqOUzGSyR6CeJLSPMQpB4zQCocHCIbPTowxYQ_uEL5Gm3Y7tN_QJOG7T55Cdnox1uapu4do6uSTGYxTWvQdAkaLJFXFyhnDmhyAVl-AVJ_sv2nHyAbnR5abUBq9aoMeRr2ZK_Vl16vFSUibok47rdU1O2lUqhAhelmRJQuwa2Dar3JQZU6qHIHI7VyI68fSZ-H3TRWsudFPIpUIry4H3gej2UPlTwGqRPI4gh5cYQhncDer2GVA1syjFV9prQNbP1IaVsJf5uDbQ7rhSkHc35mykGSMfDiBIWqTyn_3D6ELG8sZqlVC7MOXJT1ggtVL0iVO_P8kr2wnptTD44xTFYu98Netx_1VSCS2O9EIoi4H3WSHg95X6VdWKpBdmejdkYNO5y9jZwa9trJrxD8AlZfQNIN8OoV8EkNfr_GLPt-wseJbWteQpkaebmL8oEz15dsb_HR3Vu_bbz7dM8ikX-w7YIsauRFjc_od4aBPv7lMC9pRDO-NvNOycvkGXBq2LN_fw1JDdt7fGPzrzq3a8j8CDa_fssaBpE70MSgk-tzLmrY__Tiup7bLzEoHAjtLIQunFOhC_3NFU1LK7cTiLDb73eTtKvSUIVBqOKOl8QRj7tRHHVQ2oa--yn9NwAA__9veAYi1QMAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:14.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSu4skRRyu3lsMNBBdMRM6EFRwZvs1j_YiDx-JtyveyQWCUI_uuZ9T09V2dc_MTbTriYHRmpkIPd_s3iKIj79AmTUThOtsgtvEv0CEi2VmB1YL6veoryi-7_fVV_PqkrVQ8dWHt82MtOb7nbbnvn6PMmUm1j246_pe27vp3qOsG910p-tQjN_yw6jtveG-n8ih2Q883_N8z3ffoyJJzXR_g4LyH2K_HXvtKGj7nQjT4v-9rRxY7kCNL9mLINU8_1f6CUgukY1-fiexw9Lkb747qjQvTYGxOv84G2ZmkmF0XaaFgzQ7396GsQ1j3-7AZOdbBTDj07UCCGrYzstPILLzLU2I8dkVU6GRZBDqOUzGSyR6CeJLSPMQpB4zQCocHCIbPTowxYQ_uEL5Gm3Y7tN_QJOG7T55Cdnox1uapu4do6uSTGYxTWvQdAkaLJFXFyhnDmhyAVl-AVJ_sv2nHyAbnR5abUBq9aoMeRr2ZK_Vl16vFSUibok47rdU1O2lUqhAhelmRJQuwa2Dar3JQZU6qHIHI7VyI68fSZ-H3TRWsudFPIpUIry4H3gej2UPlTwGqRPI4gh5cYQhncDer2GVA1syjFV9prQNbP1IaVsJf5uDbQ7rhSkHc35mykGSMfDiBIWqTyn_3D6ELG8sZqlVC7MOXJT1ggtVL0iVO_P8kr2wnptTD44xTFYu98Netx_1VSCS2O9EIoi4H3WSHg95X6VdWKpBdmejdkYNO5y9jZwa9trJrxD8AlZfQNIN8OoV8EkNfr_GLPt-wseJbWteQpkaebmL8oEz15dsb_HR3Vu_bbz7dM8ikX-w7YIsauRFjc_od4aBPv7lMC9pRDO-NvNOycvkGXBq2LN_fw1JDdt7fGPzrzq3a8j8CDa_fssaBpE70MSgk-tzLmrY__Tiup7bLzEoHAjtLIQunFOhC_3NFU1LK7cTiLDb73eTtKvSUIVBqOKOl8QRj7tRHHVQ2oa--yn9NwAA__9veAYi1QMAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b579e09ab256424fc201a25fc3f80f40\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/other/adzilla/flip_icon_fullpage/2/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/interstitial/other/adzilla/flip_icon_fullpage/2/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://waves.lat\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:21:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68c00da2-125d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 69364\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0%2B2x9New4eOrymhI%2FVC7d6IQW27O%2BPTl3ldG6OrS8oWC7QGiVVmLUpJpw8hpGx5JQhr2SEu%2FcLSskrza75iHuqsDOU3yyBSWCcYFvcdw3rw%3D\"}]}\r\ncf-ray: 9d2f7fe42e05f3c7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4701,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"d71ea95ff1c111d11a4ca2728f066cdc","sha1":"c05803274b14419bc51f540dcb012ba2222ed5a2","sha256":"f776b149cb614a7084d097398af9f8af0e85e638bd3f2265bff72f71b5af3590","sha512":"5abd7597409d80481282d6524467208961cef85ab501a3b25362eddafca33545b7ae73c649b5cc9bfcbcbddef94ddf8a07f06647537b9385bf87238954db0ca8","ssdeep":"96:iTMXkGx0DsOX7Uj6nUHYrH6B1GqddvXVSWnO9vAs3xt4fA4n:IMXDbj64Yc15dJFRO9vAs3LuA4n","tlshash":"a2a120967a630845b517e4aa3f332746631844079a0bd9797fc4738c8fc61dd85e3b8e","first_seen":"2025-09-13T17:52:06.425999Z","last_seen":"2026-04-03T04:11:11.119381Z","times_seen":196,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":44,"dns":1,"connect":11,"send":0,"wait":14,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fcss%2Fstyle.css\u0026l=7249\u0026fd=85","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fother%2Fadzilla%2Fcircle%2F2-1%2Fcss%2Fstyle.css\u0026l=7249\u0026fd=85 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RSzYsjRRytnh086EF0xJvQB0EFk-lOd5Ju9-Tix8WdEXdlD4JQH93Zn6l0tV3dSTanGVc8eBpvXoTOy8wOgvjxFygZb4Kwfcth5-JfIMKeJZnAaEH9PuoVxXu_V1_Nq0vWQsVXH942M9Ka73fbnvv6PcqUmVj34K7re23vpnuPsl54052uQzF-yw_CtveG-34ih2a_4_me53u--x4VSWqm-xsUlP8Q--3Ya4edtt8NMS3-39vKgeUO1PiSvQhSzfN_pZ-A5BLZ6Od3EjssTf7mu6NK89IUGKvzj7NhZiYZRtdlWjhIs_PtbRjbMPbtDkx2vlUAMz5dK4Cghu28_AQiO9_ShBifXTEVGkkGoZ7DZLxEopcgvoQ0D0HqMQOkwsEhstGjA1NM-IMrlK_Rhu0-_Qc0adjuk5eQjX68pWnq3jG6KslkFtO0Bk2XoMESeXWBcuaAJheQ5Rcg9Sfbf_oBstHpodUGpFavyoCnQV_2W5H0-q0wEXFLxHHUUmGvn0qhOipINyOidAluHVTrTQ6q1EGVOxiplRt6USh9HvTSWMm-F_IwVInw4qjjeTyWfVTyGKROIIsj5MURhnQCe7-GVQ5syTBW9ZnStmPrR0rbSvjb3NnmoF6YcjDnZ6YcJBkDL05QqPqU8s_tQ8jyxmKWWrUw68BFWS-4UPWCVLkzzy_ZC-u5OfXgGMNk5XI_6PeiMFIdkcR-NxSdkPthN-nzgEcq7cFSDbI7G7Uzatjh7G3k1LDXTn6F4Bew-gKSboBXr4BPavD7NWbZ9xM-Tmxb8xLK1MjLXZQPnLm-ZHuLj-7e-m3j3ad7Fon8g20XZFEjL2p8Rr8zDPTxL4d5SSOa8bWZd0peJs-AU8Oe_ftrSGrY3uMbm3_VvV1D5kew-fVb1jCI3IEmBp1cn3NRw_6nF9f13H6JQeFAaGchdOGcCl3ob65oWlq5aZB0pOdF_Z4fRGniB6GSaTcKY9XjXhAkKG1D3_2U_hsAAP__kxCW_NUDAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSzYsjRRytnh086EF0xJvQB0EFk-lOd5Ju9-Tix8WdEXdlD4JQH93Zn6l0tV3dSTanGVc8eBpvXoTOy8wOgvjxFygZb4Kwfcth5-JfIMKeJZnAaEH9PuoVxXu_V1_Nq0vWQsVXH942M9Ka73fbnvv6PcqUmVj34K7re23vpnuPsl54052uQzF-yw_CtveG-34ih2a_4_me53u--x4VSWqm-xsUlP8Q--3Ya4edtt8NMS3-39vKgeUO1PiSvQhSzfN_pZ-A5BLZ6Od3EjssTf7mu6NK89IUGKvzj7NhZiYZRtdlWjhIs_PtbRjbMPbtDkx2vlUAMz5dK4Cghu28_AQiO9_ShBifXTEVGkkGoZ7DZLxEopcgvoQ0D0HqMQOkwsEhstGjA1NM-IMrlK_Rhu0-_Qc0adjuk5eQjX68pWnq3jG6KslkFtO0Bk2XoMESeXWBcuaAJheQ5Rcg9Sfbf_oBstHpodUGpFavyoCnQV_2W5H0-q0wEXFLxHHUUmGvn0qhOipINyOidAluHVTrTQ6q1EGVOxiplRt6USh9HvTSWMm-F_IwVInw4qjjeTyWfVTyGKROIIsj5MURhnQCe7-GVQ5syTBW9ZnStmPrR0rbSvjb3NnmoF6YcjDnZ6YcJBkDL05QqPqU8s_tQ8jyxmKWWrUw68BFWS-4UPWCVLkzzy_ZC-u5OfXgGMNk5XI_6PeiMFIdkcR-NxSdkPthN-nzgEcq7cFSDbI7G7Uzatjh7G3k1LDXTn6F4Bew-gKSboBXr4BPavD7NWbZ9xM-Tmxb8xLK1MjLXZQPnLm-ZHuLj-7e-m3j3ad7Fon8g20XZFEjL2p8Rr8zDPTxL4d5SSOa8bWZd0peJs-AU8Oe_ftrSGrY3uMbm3_VvV1D5kew-fVb1jCI3IEmBp1cn3NRw_6nF9f13H6JQeFAaGchdOGcCl3ob65oWlq5aZB0pOdF_Z4fRGniB6GSaTcKY9XjXhAkKG1D3_2U_hsAAP__kxCW_NUDAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1cabf307955b1455787f38b4b1be68be\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/assets/images/icons/favicon.ico","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:23.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /assets/images/icons/favicon.ico HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_WGJ2192JZY=GS2.1.s1771941733$o1$g0$t1771941733$j60$l0$h0; _ga=GA1.1.2063003339.1771941734; _ga_FET2541BZ7=GS2.1.s1771941733$o1$g0$t1771941733$j60$l0$h0; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f%3A1%3A1; sb_main_9d5d7e8864b7a6d89223a8dacb1b9fd8=1; sb_count_9d5d7e8864b7a6d89223a8dacb1b9fd8=1; sb_main_a1376848d2be9154b24a145e7a3a8df6=1; sb_count_a1376848d2be9154b24a145e7a3a8df6=1; pp_main_aed076d8107ca5d3c26d23543900a3c4=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=sourshaped.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: Caddy\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-download-options: noopen\r\ncross-origin-resource-policy: same-origin\r\ncontent-type: image/vnd.microsoft.icon\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\nx-content-type-options: nosniff, nosniff\r\nx-permitted-cross-domain-policies: none\r\naccept-ranges: bytes\r\nx-frame-options: ALLOWALL\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nreferrer-policy: no-referrer, no-referrer\r\nx-dns-prefetch-control: off\r\ncross-origin-opener-policy: same-origin\r\nlast-modified: Fri, 30 Jan 2026 07:47:48 GMT\r\ndate: Tue, 24 Feb 2026 14:02:23 GMT\r\nx-xss-protection: 1; mode=block, 0\r\norigin-agent-cluster: ?1\r\ncontent-encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173244,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"6d27871557a5ae4bb328382e5f3cde1b","sha1":"2014d730891f87eede76250f1c8e302917fcbab8","sha256":"c05f5ed68eb3a0acef7da62306fbde12c0adcf4486d9dcab31993b7d326d9f22","sha512":"7d2ee9863c7a895f0c531f8e325d1b85e12d66df4363535d4b054ea19da4d924266856286f7661e164404a00f243fadb467a7b750b5fa10f447e1bd144f02e98","ssdeep":"384:enGnlxyObF6iy7yfwXRxZwN6UezU8Sf+yGpTN2intHirfU+x8hs1a/ZQeO7SieJS:5afppTNRHisQeNOQFvemTxX46u","tlshash":"090493627b208c5ed82993fd9463cbb413226d583931c5023af2feabb7777814c01a76","first_seen":"2025-08-28T11:14:56.301395Z","last_seen":"2026-03-11T13:07:32.723815Z","times_seen":11,"resource_available":false,"data":null}},"time_used":4117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":3763,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=847\u0026rd=847\u0026fd=577\u0026bv=26.2.5025\u0026tmpl=70","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:50:13 GMT","end":"Sun, 29 Mar 2026 00:50:12 GMT"},"fingerprint":{"sha1":"B6:89:38:EE:EF:1E:F1:A0:93:51:BB:7A:F2:13:F5:DF:8C:9B:8F:F7","sha256":"74:22:2C:3F:1E:A6:04:C8:AD:7C:D8:B4:13:57:A5:95:EF:83:FA:28:18:BC:F3:BD:38:93:CB:DA:4B:30:3F:8A"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=847\u0026rd=847\u0026fd=577\u0026bv=26.2.5025\u0026tmpl=70 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":280,"dns":1,"connect":92,"send":0,"wait":94,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-24T14:02:12.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-download-options: noopen\r\ncross-origin-resource-policy: same-origin\r\nlast-modified: Mon, 23 Feb 2026 05:23:12 GMT\r\nreferrer-policy: no-referrer, no-referrer\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: ALLOWALL\r\netag: W/\"863a-19c88f39cdb\"\r\ncontent-type: text/html; charset=utf-8\r\nx-dns-prefetch-control: off\r\naccept-ranges: bytes\r\nlink: \u003c/assets/css/index.css\u003e; rel=preload; as=style, \u003c/assets/fonts/Lexend-Regular.woff2\u003e; rel=preload; as=font; crossorigin\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\ncross-origin-opener-policy: same-origin\r\norigin-agent-cluster: ?1\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\ndate: Tue, 24 Feb 2026 14:02:12 GMT\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nserver: Caddy\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-xss-protection: 1; mode=block, 0\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=0\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":34362,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (369)","md5":"882732621632e55d7330ebe14feb415c","sha1":"c86508164612cc8a5f81e5d8105ed2ccbfa67403","sha256":"3c53875f7f6f422362b9e7c24a76988e0d312e83b9e08dcfc36871298876a6a0","sha512":"f83d5185fd81315995dc9003f788fa34b2bbbe8a01463a78703f02cc12f382d7a84426b5674aa0e5ba9f640031ad3489ff194dea93cce95c15f7fba40905c2e2","ssdeep":"384:4TUBUHbCibK4YoLK2LnLsRMRMRKYjreGM:bUHbC+K8noRMRMRmN","tlshash":"cdf2c77216f8082f32628651b7b4335e7d02e507c80b9545f5be0ae89fb3d9bd81376a","first_seen":"2026-02-24T14:02:40.227589Z","last_seen":"2026-02-24T14:02:40.227589Z","times_seen":1,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fcss%2Fstyle.css\u0026l=4701\u0026fd=74","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 21:44:44 GMT","end":"Sun, 24 May 2026 21:44:43 GMT"},"fingerprint":{"sha1":"4C:9B:DC:71:4E:6F:7E:04:5A:F2:21:54:DA:06:E8:A0:34:82:CB:86","sha256":"23:FF:1C:4C:C9:81:C7:C0:A0:EB:2B:81:77:68:85:F3:47:33:36:DE:71:C4:DB:B4:66:77:5F:24:24:B9:A7:89"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Fother%2Fadzilla%2Fflip_icon_fullpage%2F2%2Fcss%2Fstyle.css\u0026l=4701\u0026fd=74 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://waves.lat/\r\nCookie: uid_id2=c3af37c7-8c07-4eb9-b998-d467fcbd2d3f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27289473=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 24 Feb 2026 14:02:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":663,"timings":{"blocked":276,"dns":1,"connect":98,"send":0,"wait":95,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waves.lat/!!/https://site-assets.fontawesome.com/releases/v7.2.0/css/all.css","fqdn":"waves.lat","domain":"waves.lat","tld":"lat"},"ip":{"addr":"152.53.209.16","port":443,"asn":0,"as":"","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:13.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waves.lat","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 00:34:17 GMT","end":"Fri, 15 May 2026 00:34:16 GMT"},"fingerprint":{"sha1":"AB:7B:3A:A8:C3:DC:5E:16:FE:75:F0:2F:DB:35:8F:8B:18:7D:8B:0C","sha256":"46:52:82:59:82:73:1E:01:CB:9B:E5:EC:97:78:E2:54:6F:1B:9E:BB:AD:7E:6F:BD:47:B5:67:BD:4A:31:1A:97"}}},"request":{"raw":"GET /!!/https://site-assets.fontawesome.com/releases/v7.2.0/css/all.css HTTP/1.1\r\nHost: waves.lat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://waves.lat/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nage: 5554\r\ncf-ray: 9d2f7f5e28354f53-IAD\r\naccess-control-max-age: 3000\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: ALLOWALL\r\npermissions-policy: interest-cohort=(), payment=(), usb=(), geolocation=()\r\nx-cache: HIT\r\ncontent-type: text/css\r\naccess-control-allow-methods: GET\r\nlast-modified: Thu, 05 Feb 2026 01:07:15 GMT\r\nserver: Caddy, cloudflare\r\ncontent-length: 40713\r\naccess-control-allow-origin: *\r\nexpires: Wed, 24 Feb 2027 14:01:53 GMT\r\nx-content-type-options: nosniff\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\ncontent-encoding: gzip\r\ndate: Tue, 24 Feb 2026 14:01:53 GMT\r\nx-amz-id-2: 8K+g/MlYAslgx23wL9dEmOJCviQFtU6IFRnbr0exlXwtQ3xyUhe6Qi7zvvhBzStRtg+VQv++94w=\r\nx-amz-request-id: QQEHWKJ8MB0WANMQ\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400, public, max-age=31536000, immutable\r\netag: W/\"816d1405cf07d9a61a5c8e9ec9864e62\"\r\nx-amz-server-side-encryption: AES256\r\ncf-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160254,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (56835)","md5":"816d1405cf07d9a61a5c8e9ec9864e62","sha1":"aa6c413c00234c167e831399cf562005cf56f9d4","sha256":"c4cd5ef4a83e4fe86cb852ddfc987e7f7482350993f66b40a70e6842008ea292","sha512":"dfb6d0748d240184e55cc045f98fbfeeff426fd044c250957a64a4e2863f2597c71c09045b140ff5676663a57935e19e4044a3f190373a69919bb4551f469c1d","ssdeep":"1536:rM1MvMaMfMexMzmpsdS8uHQEVW/B2odPHGvEbpNG+5peLwkrLOHZ8/erkhK:AxMzmlQ/coVHEEfGjLdWrkc","tlshash":"88f3a813ad80129bb4568d7f3895bf38a6f3e7249bd10586a4344d957ef28ad304fb32","first_seen":"2026-02-19T13:39:57.039597Z","last_seen":"2026-04-06T03:20:51.363659Z","times_seen":10,"resource_available":false,"data":null}},"time_used":5330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":5228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"waves.lat","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://waves.lat/","date":"2026-02-24T14:02:15.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 22:50:15 GMT","end":"Sat, 23 May 2026 23:48:46 GMT"},"fingerprint":{"sha1":"E0:64:EB:B0:39:B0:1B:31:05:CE:A0:93:C8:74:E7:A4:DE:D1:B3:77","sha256":"6D:BC:A3:C7:8F:67:2C:FE:E1:7A:88:EA:6C:8E:07:D4:1D:1F:CA:FD:54:30:02:80:22:B2:74:B5:95:C4:99:75"}}},"request":{"raw":"GET /sb/notifications/other/adzilla/circle/2-1/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:02:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 5982\r\nserver: cloudflare\r\nlast-modified: Tue, 09 Sep 2025 11:42:23 GMT\r\npriority: u=4,i=?0\r\netag: \"68c0129f-175e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 378890\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BCMYEupWYUUF4aLcOnpGGy8mQ2CNbz3%2FxCeKxjriMZhQMeYvomG%2FIINg5p4lo44FgPWJjo%2BrERrsd3RM09M82SYBbDGvqdoX5iHEiwX9pOw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d2f7fe4de16d9c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5982,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced","md5":"c489ce2c491a22ee37a55e26a92dfd73","sha1":"2fa588ab09e94dd902e5bd24b48f98ad1949c9d6","sha256":"1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd","sha512":"fe6a53296238283eac984b1912bfe7fbbdf5f0692f59f86e7e1ca989555a81be786ff29b9f8644443b2ace8137d412b6d9a92b0edf7f595ddf36058702a2d0d0","ssdeep":"96:FSDZ/I09Da01l+gmkyTt6Hk8nTbo5GZNKEBX97O+co2RF9JNssCgSSiiFr4uolec:FSDS0tKg9E05TAYwEBPwF9JNsTgSSL3C","tlshash":"80c1afeff8a058cf4566b7021c8e4080fbaa713d835536b4d4a092dc958be4a0fd7475","first_seen":"2023-04-05T23:50:36Z","last_seen":"2026-04-03T18:56:21.987759Z","times_seen":4059,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}